{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T01:09:31.195","vulnerabilities":[{"cve":{"id":"CVE-2022-41654","sourceIdentifier":"talos-cna@cisco.com","published":"2022-12-22T10:15:10.047","lastModified":"2024-11-21T07:23:34.413","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability."},{"lang":"es","value":"Existe una vulnerabilidad de omisión de autenticación en la funcionalidad de suscripción al boletín de Ghost Foundation Ghost 5.9.4. Una solicitud HTTP especialmente manipulada puede generar mayores privilegios. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV30":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":6.0}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.46.0","versionEndExcluding":"4.48.8","matchCriteriaId":"8E71806D-2CBB-4D88-8D27-117A20737E25"},{"vulnerable":true,"criteria":"cpe:2.3:a:ghost:ghost:*:*:*:*:*:node.js:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.22.7","matchCriteriaId":"10D8C53F-5C69-42AC-A343-2FF04D23395D"}]}]}],"references":[{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6","source":"talos-cna@cisco.com","tags":["Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624","source":"talos-cna@cisco.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/TryGhost/Ghost/security/advisories/GHSA-9gh8-wp53-ccc6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2022-1624","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}